A report into the effectiveness of vetting and counter-corruption arrangements in Cleveland Police

Published on: 16 June 2023

About us

His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) independently assesses the effectiveness and efficiency of police forces and fire and rescue services, in the public interest. In preparing our reports, we ask the questions the public would ask, and publish the answers in accessible form. We use our expertise to interpret the evidence and make recommendations for improvement.

1.  Introduction

Vetting, IT monitoring and counter-corruption: adequate

In September 2021, we changed the way we report on how effectively forces manage vetting and counter-corruption.

Previously, we inspected these areas as part of our police effectiveness, efficiency and legitimacy (PEEL) programme and provided our findings in the inspection report.

The new arrangements mean we will inspect each force separately to PEEL, although we will continue to use the same methods and produce a report containing our findings, graded judgments and any areas for improvement or causes of concern. The report will be accessible via a web link from the most recent force PEEL report.

In November 2022, we inspected Cleveland Police to examine the effectiveness of the force’s vetting, IT monitoring and counter-corruption arrangements. We briefed senior personnel in the force at the end of the inspection. It should be noted that we didn’t gather evidence during our inspection in relation to the wider culture of the workforce. We didn’t assess the overall leadership of the executive team and senior managers in setting expectations and standards across the organisation.

This report sets out our findings. It includes an area for improvement identified at the time of the inspection, which we recognise the force may have already addressed.

2.  How effectively does the force vet its officers and staff?

Vetting authorised professional practice

In 2021, the College of Policing published the authorised professional practice (APP) on vetting. The APP explains the role of vetting in assessing the suitability of people to serve in the police service, as a police officer, special constable or member of staff. It sets out the minimum standards that should be applied for each clearance level. It also lists the minimum vetting checks that should be undertaken on the applicant, their family and associates. The APP has a large section providing guidance on assessing threat and risk in relation to vetting decisions.

The vetting APP applies to the police forces maintained for the police areas of England and Wales as defined in section 1 of the Police Act 1996.

Force vetting IT system

In June 2019, Cleveland Police introduced a new vetting IT system, but it doesn’t link with the force’s HR system. To overcome this, the internal moves unit within the HR department provides the force vetting unit (FVU) with regular reports. This recently introduced process is helping the FVU keep better track of internal moves, promotions and people leaving the force.

Current vetting of the workforce

The force told us that as of November 2022, it had a total of 2,497 police officers, special constables, police staff and police community support officers.

The force told us there were 125 people in post without the correct level of vetting for their role because it had expired. The force couldn’t tell us how many were officers or staff without manually reviewing its records.

The vetting system alerts the FVU 42 days before renewals are due, prompting the unit to send out application documents.

Demand and workload

The force doesn’t have enough staff in the FVU to cope with current demand. The FVU is prioritising recruitment vetting (RV) to support the Police Uplift Programme and other recruitment, such as force contact centre posts. This means other vetting tasks are falling behind. For example, unless there is a specific operational need, the force decided in April 2021 it wouldn’t carry out any RV or management vetting (MV) renewals to allow staff to focus on RV for the uplift programme. As a result, the number of expired vetting clearances is steadily increasing. This problem is made worse using FVU staff to complete non-vetting tasks in support of family court proceedings.

The force recognises the risks of not managing vetting demand and had recorded its position on its risk register. Chief officers are scrutinising progress. The FVU has recently recruited an extra vetting researcher and is planning to recruit another.

The force grants non-police personnel vetting (NPPV) clearance to contractors, volunteers and people who work for organisations that share police premises. However, the force does not have clear data to show how many of these have or need vetting clearance. The force told us that its IT and estates departments manage the process of removing access from systems and buildings when no longer required. But they don’t notify the FVU when contracts conclude, or people leave the contracted company and no longer require NPPV.

Since June 2022, the FVU has been reviewing expired NPPV cases. The force told us that as of November 2022, it still had 1,456 such cases. The FVU told us that this still exceeds the number of non-police personnel. It is clear that the force hasn’t been maintaining accurate NPPV records.

In the past, the force conducted its own NPPV checks. Recently it has been using the police national vetting service hosted by Warwickshire Police because of increased demand.

Designated posts

Some police roles have access to more sensitive information and require a higher level of vetting known as management vetting (MV). The extent to which the role requires working with vulnerable people is also a factor for forces to consider when deciding if a role requires MV. The vetting APP states that forces should keep a record of all MV roles on a designated posts list.

Cleveland Police hasn’t been managing its MV processes effectively.

The force told us that as of November 2022, the FVU had a list of 300 police personnel with current MV clearance. The force said 16 people (10 police officers and 6 police staff) had expired MV.

Generally, the force doesn’t post people into MV roles without the required clearance. But the FVU told us that occasionally local police commanders will move individuals into MV posts without MV clearance.

Where MV is completed, the FVU undertakes all the required minimum checks. The force was still in the process of compiling its designated post list. However, the FVU wasn’t confident that it had identified every role that requires MV.

Early in 2022, the counter-corruption unit (CCU) identified several departments, for example, sex offender management and domestic abuse, with posts that involved increased access to vulnerable people.

The CCU conducts intelligence checks on people before they are appointed to these posts, but these fall short of those required for MV. The force didn’t know how many of these posts it had.

The FVU acknowledges that it needs to conduct a comprehensive review of all roles to decide which should be designated posts. It must then make sure that people in those roles have MV vetting. Until the force completes this process, it has no way of knowing if it has unsuitable people in high-risk roles.

Transferees

Vetting APP allows forces to accept vetting clearance from another force if it is no more than one year old. But many forces choose to vet officers and staff new to their organisation, even if they are transferring from another force with a current vetting clearance.

Cleveland Police has chosen to vet all transferees and those who have left the service and applied to rejoin. The FVU requests a professional standards department complaint and conduct history, as well as any CCU intelligence, but only from the force in which the individual previously served.

Change of circumstances

The force has taken steps to improve the workforce’s awareness that they must report any changes of personal circumstances, for example, marital status, name changes or significant changes to personal finances.

Cleveland Police’s professional standards department, the department of standards and ethics (DSE), gives new recruits guidance about reporting changes. A quarterly DSE bulletin emailed to every employee and posted on the force’s intranet highlights the requirement to report any changes.

The force’s personal development review (PDR) system includes questions about risks, such as business interests. It specifically asks staff about any changes in their personal circumstances. At the time of our inspection, the force told us that more than 62 percent of staff had completed their PDR for 2022.

The workforce’s understanding of when to report changes in circumstances has improved. In 2021, the FVU received 56 notifications. By the time of our inspection in November, it had already received 115 notifications. When it receives a notification, the FVU conducts relevant vetting checks to identify risks and to decide if the person’s vetting status is affected.

The DSE informs the FVU of all misconduct meeting or hearing outcomes. The FVU complies with the APP requirement to review a person’s vetting status if misconduct proceedings result in reduction in rank, written warning or final written warning.

Vetting decisions

Vetting researchers in the FVU conduct all relevant checks. The FVU’s arrangements for vetting decisions are structured into a tiered system:

  • tier 1 involves straightforward cases, where no concerning adverse information is found. Vetting officers can grant clearance;
  • tier 2 is for less straightforward cases. A senior vetting researcher or the vetting supervisor can grant clearance with a supporting rationale, or they can escalate the decision to tier 3 with a recommendation for refusal; and
  • tier 3 is for more complex cases. The force vetting manager makes the final decision and records their rationale.

The force makes only limited use of vetting interviews. FVU researchers occasionally contact applicants to clarify information in their application.

Risk mitigation measures

The force regularly uses risk mitigation measures to support its vetting decisions. This includes restrictions on where people can be posted, monitoring their use of the force’s IT systems and regular reviews of applicants’ management of their finances. The FVU and CCU work closely together when considering the use of IT monitoring to help manage potential risks.

The force produces a counter-corruption strategic threat assessment (STA) annually, which outlines the current threats it faces. There is no established process for the CCU to share the STA with the FVU. We encourage the force to make sure vetting decision-makers are fully aware of the current corruption threats.

Appeals and quality assurance

The head of the DSE handles vetting appeals. Applicants with a protected characteristic are given an option to declare this as part of their appeal. In these cases, the force convenes a panel to advise the DSE. Depending on the nature of the case, the panel can include:

  • head of DSE (chair);
  • HR representative;
  • equality, diversion and inclusion representative;
  • member of the force’s strategic independent advisory group;
  • Police Federation representative;
  • trade union representative; and
  • member of the race equality network.

The head of DSE makes the final decision and records their rationale in each case.

One of the principles of the Vetting Code of Practice is that: “decision-making in respect of vetting clearance should be separate from, and independent of, recruitment and other human resources processes.” Therefore, we question the role that HR representatives have in Cleveland Police’s appeal process.

Except for the appeals, there is no process for quality assuring vetting decisions at any tier. We encourage the force to address this.

Disproportionality

The APP states there is a risk that vetting has a disproportionate impact on underrepresented groups. Furthermore, it requires forces to monitor vetting applications, at all levels, against protected characteristics to understand whether there is any disproportionate impact on particular groups. Where disproportionality is identified, forces must take positive steps to address this.

Cleveland Police collects data on ethnicity, age and gender in its vetting decisions. But analysis to understand the reasons for any disproportionality is limited to ethnicity data only.

Vetting file review

We reviewed 40 vetting clearance decisions from the preceding 3 years with a vetting specialist from another force. These files related to police officers and staff who had previously committed criminal offences or those that the force had other concerns about. The case file review included transferee and RV decisions.

We agreed with most of the force’s decisions. But in five cases, the recorded rationale didn’t demonstrate that the force had sufficiently considered all the identified risk factors.

Recorded rationales often didn’t have enough detail. Vetting decision-makers should make more specific reference to the APP and the National Decision Model. This would help them to account for all identified risks and any potential mitigations.

In many cases, the force introduced relevant risk mitigation measures, but it could use vetting interviews more frequently.

Area for improvement

The force should improve its vetting arrangements to ensure that:

  • it has a clear understanding of the level of vetting required for all posts and that all personnel have been vetted to a high enough level for the posts they hold;
  • it has a clear understanding of the vetting required for all non-police personnel and that all non-police personnel have vetting clearance for their role;
  • the force vetting unit has sufficient staff to meet the demand it faces;
  • when concerning adverse information has been identified during the vetting process, all vetting decisions (refusals, clearances and appeals) are supported with a sufficiently detailed written rationale;
  • when granting vetting clearance to applicants with concerning adverse information, the force vetting unit creates and implements effective risk mitigation strategies, with clearly defined responsibilities and robust oversight; and
  • it analyses vetting data to identify, understand and respond to any disproportionality.

3.  How effectively does the force protect the information and data it holds?

Lawful business and IT monitoring capability

Cleveland Police can monitor all its IT systems across handheld, mobile and desktop devices. It has an IT monitoring policy with associated guidance for both passive and targeted monitoring.

It proactively checks the use of mobile devices. This could identify potential misconduct, including unacceptable contact with vulnerable victims or organised crime groups.

We reviewed 60 items of potential corruption intelligence. We found effective use of the IT monitoring software when intelligence indicates a higher risk of sexual misconduct or other corruption.

There are strong links between the force IT department and the CCU during the procurement process for new IT systems. No new IT systems can be introduced to the force without the prior approval of the CCU. This ensures new systems have the auditing functions they need to prevent misuse.

IT monitoring policy

The force has a lawful business monitoring policy for monitoring and recording staff communications. It is due for review in 2025. The policy allows for proactive monitoring.

Digital device management

The force can attribute all mobile phones and tablets to its workforce. Each device has a warning screen outlining the force’s lawful business monitoring policy and reminding people they have no expectation of privacy if used for personal use.

Information security – encrypted apps

The force has a social media policy and has shared it across the workforce. It provides guidance on the use of social media that includes the risks associated with its misuse. Encrypted apps aren’t permitted on force devices.

4.  How well does the force tackle potential corruption?

Intelligence

Sources of corruption-related intelligence

Between 1 January 2020 and our inspection in November 2022, the force’s confidential reporting line received 308 reports:

  • 102 reports in 2020;
  • 99 reports in 2021; and
  • 107 reports in 2022.

We examined 60 corruption intelligence files and found that the reporting line was an effective intelligence source. We also saw intelligence reported by colleagues, the public and line managers. We saw four cases identified by proactive intelligence collection.

Police corruption categorisation

The force correctly categorises intelligence in line with the counter-corruption APP.

Partnership working to identify potential corruption

The force has developed working relationships with agencies and organisations that support vulnerable people, to help identify potential abuse of position for a sexual purpose (AoPSP).

The CCU’s corruption prevention officer had given training on AoPSP to over 1,400 frontline staff from numerous organisations. At the time of our inspection, this post was vacant, but the force had identified a replacement.

The force surveys members of the public who have reported domestic abuse. Some questions may identify signs of AoPSP. These are referred immediately to the CCU.

During our review of corruption intelligence files, we found examples of information from organisations working with vulnerable people.

Identifying corruption threats

Counter-corruption strategic threat assessment

At the time of our inspection, Cleveland Police had a current counter-corruption STA due for renewal in December 2022. It identifies the four main threats facing the force and includes case studies.

Data illustrates how risks and emerging threats have been identified. The threats are published on the force’s intranet.

Counter-corruption control strategy

The force has a counter-corruption control strategy based on the 4P-approach (pursue, prepare, protect and prevent). It is due for renewal in 2023. It is a substantial document that clearly sets out the force priorities identified in the counter-corruption STA and has considered the National Crime Agency’s STA.

Implementation plan

Each threat identified in the STA and control strategy is considered in the implementation plan. A named person is responsible for each aspect of the plan and progress is recorded. The plan was scheduled to be completed by April 2023.

Managing corruption threats

Intelligence development

We reviewed 60 corruption intelligence case files. We found three cases where the force did not use its IT monitoring capability. This may have resulted in some missed opportunities. In the other 57 cases, the CCU responded effectively, producing a thorough investigation plan to develop intelligence using a range of techniques with good supervisory oversight.

We found three cases where intelligence resulted from proactive IT monitoring.

Identification of those who pose a corruption risk

The force has an established people intelligence meeting attended by senior managers from local policing areas, HR, finance, legal services and training. It is chaired by the head of the professional standards department. There is an ability to escalate individuals of concern for action through this process. We saw several cases where people were discussed at the meeting and the force took action to mitigate risks.

The force has created several risk matrices to monitor staff who potentially pose a corruption risk:

  • Operation Beacon manages police personnel believed to pose an AoPSP risk. This has been extended to include other misconduct, such as sexual harassment.
  • Operation Jericho manages police personnel who are potentially vulnerable from criminals or have links to organised crime groups.
  • Operation Sterling manages members of the workforce in financial difficulty.
  • Operation Fagan manages personnel where there is an allegation of theft or fraud.

The CCU uses a risk matrix for each operation and records its findings. Staff categorise each case as low, medium, or high-risk. A plan is created for people graded high-risk and they are allocated a CCU investigator. We examined the registers for these operations and found them well maintained.

Capacity and capability to investigate corruption

The CCU is a small team comprising well-trained experienced detectives supported by a crime analyst. At the time of our inspection, there were three vacant posts. This increased the workload of other staff, including supervisors, who had to take on additional investigative tasks. The force recognised this and had begun the process to fill those vacancies.

CCU management informed us that the addition of an intelligence researcher would allow greater use of proactive tactics, including increasing the effectiveness of IT monitoring. We would encourage the force to consider this proposal.

Specialist resources

CCU senior managers are experienced detectives with good operational knowledge covert tactics. We were told that access to covert resources could be requested from within the force or the regional organised crime unit. The force’s operational security officer would be consulted.

We did not identify any missed opportunities to use covert tactics in support of corruption investigations.

Policies designed to prevent corruption

Clear and concise corruption prevention policies help to guard against corrupt activity, but can’t guarantee to prevent corruption, or in themselves stop corrupt practice. They provide guidance on how police officers and staff should behave. They should clearly state what is expected of members of the workforce and what actions they should take to protect themselves and the organisation from corruption.

The counter-corruption (prevention) APP sets out what policies forces should have and gives guidance on their content. We examined the force’s policies in these areas:

  • Notifiable associations: policies should cover how the force should manage the risks related to officers and staff who may associate with, for example, criminals, private investigators, or members of extremist groups. They should require the disclosure by officers and staff of such associations.
  • Business interests: policies should state when the force should allow or deny officers and staff the opportunity to hold other jobs. They should explain how the force will manage the risks that arise when officers and staff are allowed to hold them.
  • Gifts and hospitality: policies should cover the circumstances in which police officers and staff should accept or reject offers of gifts or hospitality.

Cleveland Police requires officers and staff to report any gifts or hospitality they are offered. The DSE maintains a gifts and hospitality register. There are numerous entries, many with detailed information about the gift or hospitality and an explanation of the circumstances in which it was received. In some cases, the gifts were only accepted following consultation with the DSE ethics lead.

We found the notifiable association policy was comprehensive and reflected the APP.

Reviews of the register for notifiable associations were up to date and well structured. Line managers were involved in the submission of notifiable associations and monitoring compliance with conditions.

Our file review showed that notifiable associations are being consistently submitted in response to CCU investigations.

The force’s business interest policy did not include all the activities we would expect. For example, volunteer work is not always considered a business interest. It should be. We urge the force to address this.

Officers and staff report business interests by completing an online form. The CCU keeps a register. Reviews of the register are comprehensive.

All approved business interests had conditions attached. Most conditions were generic and could have been included in the policy. This would have allowed business interests with specific conditions to be monitored. We suggest the force policy is changed to enable this. There was no evidence that compliance with business interest conditions was checked.

More positively, we found that the force requires officers and staff with rental properties to provide details of their tenants. Vetting checks on tenants help the force identify any potential corruption risks.

Sexual misconduct

Cleveland Police recognises AoPSP as serious corruption and refers them to the Independent Office for Police Conduct.

The force supports mandatory College of Policing training with poster campaigns and intranet articles publishing the outcomes of gross misconduct hearings. The prevention officer has given further training to new staff and supervisors.

Members of the workforce who report sexual misconduct are supported by an external organisation as well as by internal managers and HR.

Back to publication

A report into the effectiveness of vetting and counter-corruption arrangements in Cleveland Police